# Input variables declared in a child module are set here: the calling (root) module passes each value as an argument inside the corresponding module block.
# Secrets : credential source consumed by the data-services and ec2 modules
module "secrets" {
  source = "./secrets"

  # NOTE(review): ./secrets is not visible from this file; confirm its db_creds
  # output is declared sensitive = true so plan/apply output redacts the
  # password that the consuming modules read from it.
}
# VPC : network resources
# VPC : network resources (subnets, DB subnet group, security groups)
module "vpc" {
  source = "./vpc"

  # Placement inputs shared with the other regional modules.
  region            = var.region
  availability_zone = var.availability_zone

  # Log destination owned by data-services. data-services in turn reads this
  # module's subnet group and security group ids, so the two modules depend on
  # each other; Terraform resolves that at resource level, but a true
  # resource-level cycle would fail at plan time — verify if plans start failing.
  log_bucket_arn = module.data-services.log_bucket.arn
}
# IAM : user and access management resources
# IAM : user and access management resources
module "iam" {
  source = "./iam"

  # ARNs of the storage resources the policies are scoped to, so that grants
  # can be written against specific resources rather than "*".
  application_code_bucket_arn = module.data-services.application_code_bucket_arn
  mysql_arn                   = module.data-services.mysql_arn
  mssql_arn                   = module.data-services.mssql_arn

  # ARNs of the compute resources the policies reference. ec2 also consumes
  # this module's instance profile, so the dependency runs both ways — see the
  # cycle remark on the vpc module; verify at plan time.
  ec2_subscription_app_arn = module.ec2.ec2_subscription_app_arn
  ec2_stream_app_arn       = module.ec2.ec2_stream_app_arn
}
# Data-Services : storage resources
# Data-Services : storage resources (RDS instances, code and log buckets)
module "data-services" {
  source = "./data-services"

  # Placement inputs shared with the other regional modules.
  region            = var.region
  availability_zone = var.availability_zone

  # Network placement: private DB subnet group plus the two database-port
  # security groups from the vpc module. Only the DB-port groups are attached
  # here, which keeps the HTTP/TLS/SSH groups off the database endpoints.
  db_subnet_group_name = module.vpc.db_subnet_group_name
  vpc_security_group_ids = [
    module.vpc.allow_mysql_sg_id,
    module.vpc.allow_mssql_sg_id,
  ]

  # Master credentials sourced from the secrets module. They end up in state;
  # confirm the state backend is encrypted and access-restricted.
  db_username = module.secrets.db_creds.username
  db_password = module.secrets.db_creds.password
}
# EC2 : computing resources
# EC2 : computing resources
module "ec2" {
  source = "./ec2"

  # Placement inputs shared with the other regional modules.
  region            = var.region
  availability_zone = var.availability_zone

  # Network placement. Every security group from the vpc module is attached
  # here, including allow_ssh_sg_id; the group's ingress source is defined in
  # ./vpc and is not visible from this file — confirm it is not 0.0.0.0/0.
  main_vpc_id = module.vpc.main_vpc_id
  vpc_security_group_ids = [
    module.vpc.allow_http_sg_id,
    module.vpc.allow_tls_sg_id,
    module.vpc.allow_mysql_sg_id,
    module.vpc.allow_mssql_sg_id,
    module.vpc.allow_ssh_sg_id,
  ]
  public_subnet_ids = module.vpc.public_subnet_ids
  # Only the first two private subnets are handed over; a shorter list from
  # the vpc module would fail at plan time rather than silently.
  private_subnet_ids = [
    module.vpc.private_subnet_ids[0],
    module.vpc.private_subnet_ids[1],
  ]

  # Instance role; iam in turn reads this module's application ARNs.
  ec2_instance_profile = module.iam.ec2_instance_profile

  # Application artefacts and log destination provided by data-services.
  log_bucket_name            = module.data-services.log_bucket.bucket
  application_code_bucket_id = module.data-services.application_code_bucket_id
  application_code_1_object  = module.data-services.application_code_1_object
  application_code_2_object  = module.data-services.application_code_2_object

  # Database endpoints and credentials for the applications on the instances.
  # NOTE(review): how ./ec2 delivers db_password to the instance is not visible
  # here; if it is embedded in user_data it is readable from the instance
  # metadata endpoint and the console — prefer a runtime secrets lookup.
  first_rds_endpoint  = module.data-services.first_rds_endpoint
  second_rds_endpoint = module.data-services.second_rds_endpoint
  db_username         = module.secrets.db_creds.username
  db_password         = module.secrets.db_creds.password
}
# CloudTrail Alarm Root Login AWS Account
# CloudTrail : trail plus alarm on root-account console logins
module "cloudtrail" {
  source = "./cloudtrail"
  region = var.region
}
# Lambda RDS Logs to S3
# Lambda : exports RDS logs to S3
module "lambda-rds-s3" {
  source = "./lambda-rds-s3"

  # Function sizing; both values come from root variables so they can be
  # tuned per environment without editing the module.
  memory_size = var.memory_size
  timeout     = var.timeout
}
# CloudWatch RDS Logs to S3
# CloudWatch : scheduled trigger that ships RDS logs to S3 via the Lambda above
module "cloudwatch-rds-s3" {
  source = "./cloudwatch-rds-s3"
  region = var.region

  # Target function and how often the schedule invokes it.
  lambda_function_arn  = module.lambda-rds-s3.lambda_function_arn
  lambda_function_name = module.lambda-rds-s3.lambda_function_name
  rate                 = var.rate

  # Instances whose logs are exported — the same two created by data-services.
  rds_instance_names = [
    module.data-services.rds_instance_names[0],
    module.data-services.rds_instance_names[1],
  ]

  # Destination bucket and export thresholds. The bucket is the shared log
  # bucket; its access policy lives in ./data-services and is not visible here.
  s3_bucket_name = module.data-services.log_bucket.bucket
  min_file_size  = var.min_file_size
  log_prefix     = var.log_prefix
}